cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: curl_easy_perform() fails with "Problem with the SSL CA cert (path? access rights?)" after first time calling this routine

From: cnm marketing <cnn.marketing_at_gmail.com>
Date: Fri, 15 Mar 2013 12:59:39 -0400

>libcurl is able to use 9 different SSL implementation as its SSL library
for SSL connections. And yes, OpenSSL is one of them.
[cnm] Does libcurl statically link ssl or dynamically load those ssl?

>I've never seen the error message
*> * error:0506706E:Diffie-Hellman routines:GENERATE_KEY:key size too small
*
[cnm] If you believe this error message is NOT from libcurl itself, then I
believe this error message is from the openssl routines that the libcurl
invokes. The question is why openssl throw this error, and in what
situation (from libcurl code) this error will be throwed from libcurl?
>What SSL implementation is your libcurl using? How is the SSL stack build
and how did you build libcurl?
[cnm]
1. I am not sure if I understand your first question, we use libcurl, if
libcurl uses ssl, then we use whatever is on the system, in our case, we
use openssl.
2. We use dlopen()/dlsym()/dlclose() to load libcurl library. This is the
ONLY way that we can fit libcurl into our software layers. I need to check
with other groups and see how many they use ssl in their layers. I'll get
back to you on this.

On Fri, Mar 15, 2013 at 10:44 AM, cnm marketing <cnn.marketing_at_gmail.com>wrote:

> How that can be? Does libcurl also use openssl?
>
> From my code, I only invoke libcurl routines. Again the following
> output are the libcurl output by using CURLOPT_VERBOSE and CURLOPT_STDERR.
> When setting CURLOPT_SSL_VERIFYHOST to 1, we got the debug1.txt output,
> when setting CURLOPT_SSL_VERIFYHOST to 0, we get the debug.txt output
>
>
> [root_at_l2se0132 bin]# more /debug1.txt
>
> * About to connect() to l2se0060.lss.emc.com port 8443 (#0)
>
> * Trying 10.247.73.60...
>
> * Connected to l2se0060.lss.emc.com (10.247.73.60) port 8443 (#0)
>
> * successfully set certificate verify locations:
>
> * CAfile: /usr/yhuang/cert.pem
>
> CApath: none
>
> * error:0506706E:Diffie-Hellman routines:GENERATE_KEY:key size too small
>
> * Closing connection 0
>
>
>
> [root_at_l2se0132 bin]# more /debug.txt
>
> * About to connect() to l2se0060.lss.emc.com port 8443 (#0)
>
> * Trying 10.247.73.60...
>
> * Connected to l2se0060.lss.emc.com (10.247.73.60) port 8443 (#0)
>
> * error:0506706E:Diffie-Hellman routines:GENERATE_KEY:key size too small
>
> * Closing connection 0
>
>
>
> On Fri, Mar 15, 2013 at 3:45 AM, Daniel Stenberg <daniel_at_haxx.se> wrote:
>
>> On Thu, 14 Mar 2013, cnm marketing wrote:
>>
>> * error:0506706E:Diffie-Hellman routines:GENERATE_KEY:key size too small
>>>
>>
>> Please stop top-posting and full-quoting.
>>
>> My 3.2 seconds of googling on this topic lead to this:
>>
>> http://comments.gmane.org/**gmane.comp.encryption.openssl.**user/43777<http://comments.gmane.org/gmane.comp.encryption.openssl.user/43777>
>>
>> --
>>
>> / daniel.haxx.se
>>
>
>

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2013-03-15